Critical-risk tools in Tableau MCP Server
5 of the 30 tools in Tableau MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- delete-datasource (Destructive): Permanently deletes a published data source from the current Tableau site. Restricted to Tableau site administrators and requires the \
- delete-extract-refresh-task (Destructive): Deletes an extract refresh task from the Tableau site. This permanently removes the scheduled extract refresh — the underlying data source or workbook is not affected, but it wi...
- delete-workbook (Destructive): Permanently deletes a workbook from the current Tableau Cloud site. Restricted to Tableau site administrators and requires the \
- reset-consent (Destructive): Resets saved OAuth consent for the current user on the Tableau authorization server. After resetting consent, the current session remains valid. The next OAuth authorization fl...
- revoke-access-token (Destructive): Revokes the access token used to authenticate the current session. After revocation the session is invalidated. Subsequent Tableau API calls within this session may fail. Clien...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.